Fake apps on Google Play scamming users out of cryptocurrency

Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET. 

ESET researchers have just concluded their analysis of fake cryptocurrency wallets that emerged on Google Play at the time of bitcoin’s renewed spike in value. 

The company says bitcoin has been growing, with its price climbing to its highest point since September 2018, and cybercriminals were quick to notice this development and started upping their efforts in targeting cryptocurrency users with various scams and malicious apps. 

According to the report, one fake app is impersonating the popular hardware cryptocurrency wallet Trezor. The illegitimate app was connected to a fake cryptocurrency wallet app named “Coin Wallet – Bitcoin, Ripple, Ethereum, Tether,” which is capable of scamming unsuspecting users out of money.

“We haven’t previously seen malware misusing Trezor’s branding and were curious about the capabilities of such a fake app,” says Lukáš Štefanko, the ESET researcher who conducted the research, explaining his interest in this specific fake app.

“After all, Trezor offers hardware wallets that require physical manipulation and authentication via PIN, or knowledge of the so-called recovery seed, to access the stored cryptocurrency,” he explains.

Analysing the fake app, ESET found that it can’t do any harm to Trezor users’ crypto-savings given Trezor’s multiple security layers; however, it is connected to a fake cryptocurrency wallet app, “Coin Wallet,” which is capable of scamming unsuspecting users out of money.

“Both these apps were created based on an app template sold online,” adds Štefanko.

The app masquerading as a mobile wallet for Trezor was uploaded to Google Play on May 1, 2019, under the developer name “Trezor Inc.”

“Overall, the app’s page on Google Play appeared trustworthy at first glance. At the time of our analysis, the fake app even came up as the second most popular result when searching for “Trezor” on Google Play, right behind Trezor’s official app. However, the fake app is used to phish for login credentials,” Štefanko explains.

“The app claims it lets its users create wallets for various cryptocurrencies. However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets – a classic case of what we’ve named wallet address scams in our previous research into cryptocurrency-targeting malware.”

Štefanko offers a few tips on how to stay safe with cryptocurrencies online:
• Only trust cryptocurrency-related and other finance apps if they are linked from the official website of the service.
• Only enter your sensitive information into online forms if you are certain of their security and legitimacy.
• Keep your device updated.
• Use a reputable mobile security solution to block and remove threats.
 
Štefanko says ESET reported the fake Trezor app to Google’s security teams and reached out to Trezor. Trezor confirmed that the fake app did not pose a direct threat to their users.

“However, they did express concern that the email addresses collected via fake apps such as this one could later be misused in phishing campaigns.”
